Modem cable service providers offer a wealth of services and content to their subscribers, using a set-top box (STB) located in the subscriber's home. The STB tunes, filters, and demodulates television and other signals transmitted from the cable provider. Due to the fact that successive copies of digital content can be duplicated and redistributed with no loss of quality, digital television content is especially vulnerable and easily subject to theft.
In response to the high risk of service and content theft, cable service providers implement proprietary content theft protection and usage right enforcement systems, which are generally referred to as “Conditional Access Systems” (CAS) to control access to the services and content for their customers. According to The Telecommunications Act of 1996, FCC further requires that CAS meet basic rules of support for separable security, integration ban and common reliance. Some conventional systems use a downloadable Java Condition Access System (JCAS) approach, such as an Open Media Security JCAS (OMS JCAS), to satisfy the core regulatory requirements. However, the JCAS systems suffer from performance contention issues.
For example, by the nature of Java Virtual Machine (JVM) environments, any stack dependent process can temporarily consume all available JVM application resources, which place the JCAS application within the JVM on hold until the resources are made available again. This is unsuitable for the STBs because they are expected to perform many critical functions within tight time constraints. CAS applications are one of these, thus they need to function on schedule to prevent visible impairments in video content delivery and display. Typically, unpredictable response times in CAS functions are perceived by the customers as unacceptable and as harbingers of systemic failure. Further, video content is streamed to STBs in a continuous encrypted data flow and the keys used to encrypt video are frequently changed. STB CAS systems need to respond rapidly enough to sense the key change and provide information needed to support the key transition interval to prevent a short term failure in decryption. Due to the resource contention of the JCAS environment, decryption transition failures are impossible to completely prevent in normal set top operations. As a result, conventional systems fail to provide a downloadable CAS with deterministic resource management and optimal performance.